Re: [PATCH] tracing: Fix WARN_ON in tracing_buffers_mmap_close

Next message: Ethan Tidmore: "[PATCH 2/3] HID: hid-lenovo-go-s: Remove impossible condition"
Previous message: Ethan Tidmore: "[PATCH 1/3] HID: hid-lenovo-go-s: Fix signedness bug"
In reply to: Steven Rostedt: "Re: [PATCH] tracing: Fix WARN_ON in tracing_buffers_mmap_close"
Next in thread: Qing Wang: "Re: [PATCH] tracing: Fix WARN_ON in tracing_buffers_mmap_close"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Steven Rostedt

Date: Fri Feb 27 2026 - 15:55:51 EST

On Fri, 27 Feb 2026 10:20:38 -0500
Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:

> On Fri, 27 Feb 2026 11:22:22 +0000
> Vincent Donnefort <vdonnefort@xxxxxxxxxx> wrote:
>
> > > Ah right, Syzkaller is using madvise(MADVISE_DOFORK) which resets VM_DONTCOPY.
> >
> > As we are applying restrictive rules for this mapping, I believe setting VM_IO
> > might be a better fix.
>
> Agreed.
>

Adding MM folks so we do this right.

Dear MM folks,

Here's the issue. When the ftrace ring buffer is memory mapped to user
space, we do not want anything "special" done to it. One of those things we
did not want done was to have it copied on fork. To do that, we added
VM_DONTCOPY, but we didn't know that an madvise() could disable that. It
looks like VM_IO will prevent that from happening.

But looking at the various flags, I see there's a VM_SPECIAL. I'm wondering
if that is what we should use?

The effected code is here:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/trace/ring_buffer.c#n7172

What's your thoughts?

Thanks,

-- Steve